IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt

Christopher Wood <caw@heapingbits.net> Sat, 07 March 2020 23:57 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 069913A1D1F; Sat, 7 Mar 2020 15:57:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=IbkiTG5j; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mqVqNiJg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrnmUsV8lURr; Sat, 7 Mar 2020 15:57:17 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B0CB3A1D1C; Sat, 7 Mar 2020 15:57:17 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id AED9B21D75; Sat, 7 Mar 2020 18:57:16 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Sat, 07 Mar 2020 18:57:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s=fm3; bh= UUEdKUvLimVs8EU67iEi8e4pkbTjvn4b1+zQIpHEWxM=; b=IbkiTG5jJEvOWQcf qB5+1Yzj8CwH0g+1DO/QqWPWbHymSANPP1gh4WR7+o8mxhkqAM355UMy6uJAJdDX pWwSIHP00SHF1mhWaN0lskZ6qPQfOxsJPCzjKLwBeZgNKe7gdYCrEJ962WFKO71h 7MVY+donEcMxSuIY6K4PYW/Xe2inf512nbCgcYlJJTyY9jgdaLOxDPWGY57WTHPB 4z+Nu63VvVGQxqz6JYIm7MN78Av18rrDrPPYdNin7a4SRElpVvozRxItshhon/xJ WrN7/B78klOVWTw7a5jvzeedNxYZbTE+RcdaXWHNmT3J8W8AD/ouGctPSzhZFOUL xcOtCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=UUEdKUvLimVs8EU67iEi8e4pkbTjvn4b1+zQIpHEW xM=; b=mqVqNiJgmljHw85Es+8c5eHz3SrGXlqu1x1LyligB1Qbq7X/h0lxzFlRi ESL7EBU4lQYegSQpQhDPx2cdbCF1eYNd2ahFeLTiAHiPw7Nzoh2jO+gfTvVVJ/NX GOycQCmNEs5FsM8jCW35cqDIADS2rhkYeVcLeWsFKm1pKESO016DcFOYdZCbhyy7 IAP1THASJxUqt67Wn7zw3SA1itlPtfC3Ja2d4ROsZkJ5lBDcWJTaBLTf96OhTpzD tm7pR5YW/j13Cxu0959P7Ya+mlAeEuzRQYcriFP23HlA7CfDgKfm+qW0ZqkHycbM VzCz15ykPRTnIjS/MRXNZsFU8ThHg==
X-ME-Sender: <xms:3DRkXkGiEq22nLmdCsPLlnGdu_EOyZpVD8gUNDL_Rw91zNi08PxFZw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudduhedgudeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffokfgjfhggtgfgsehtke hmtdertdejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepghhithhhuhgsrdgtoh hmpdhivghtfhdrohhrghenucfkphepjeefrdelvddrieegrddufedtnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhngh gsihhtshdrnhgvth
X-ME-Proxy: <xmx:3DRkXjr8glhTCL01rQxEwKW4KNsk1b79J7cUUAlIhYfCoafXaI6UVA> <xmx:3DRkXu6Ve0ut24js3K3o58k4dNl0lcq9KM7NKu3rFcK_KP3UF69IIA> <xmx:3DRkXu6rnmV_08kxkv8MST6O-2nJ4Fna35L8lpdD1wWQ540ylPazsw> <xmx:3DRkXncplDhlCh_UaCJOlaZzIWCj0Psximv0mqasOJVLV-4Y9prLNw>
Received: from [10.0.0.184] (c-73-92-64-130.hsd1.ca.comcast.net [73.92.64.130]) by mail.messagingengine.com (Postfix) with ESMTPA id E8A9F328005A; Sat, 7 Mar 2020 18:57:15 -0500 (EST)
From: Christopher Wood <caw@heapingbits.net>
To: tls@ietf.org
Cc: i-d-announce@ietf.org
Date: Sat, 07 Mar 2020 15:57:14 -0800
X-Mailer: MailMate (1.13.1r5671)
Message-ID: <FCDB9455-47AC-4E9E-ABE1-4D8BBA22F782@heapingbits.net>
In-Reply-To: <158362472726.18234.5264810685870724141@ietfa.amsl.com>
References: <158362472726.18234.5264810685870724141@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wE-d45-khPMdWOct3BuDYl0aP90>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-semistatic-dh-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 23:57:19 -0000

Among editorial changes, this update removes key schedule injection. The 
resulting design still requires formal analysis, though we don’t 
expect much more to change at this point. Please have a look and provide 
feedback.

Thanks!
Chris (no hat)

On 7 Mar 2020, at 15:45, internet-drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Transport Layer Security WG of the 
> IETF.
>
>         Title           : Semi-Static Diffie-Hellman Key Establishment 
> for TLS 1.3
>         Authors         : Eric Rescorla
>                           Nick Sullivan
>                           Christopher A. Wood
> 	Filename        : draft-ietf-tls-semistatic-dh-01.txt
> 	Pages           : 7
> 	Date            : 2020-03-07
>
> Abstract:
>    TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange 
> modelled
>    after SIGMA [SIGMA].  This design is suitable for endpoints whose
>    certified credential is a signing key, which is the common 
> situation
>    for current TLS servers.  This document describes a mode of TLS 1.3
>    in which one or both endpoints have a certified DH key which is 
> used
>    to authenticate the exchange.
>
> Note to Readers
>
>    Source for this draft and an issue tracker can be found at
>    https://github.com/ekr/draft-rescorla-tls13-semistatic-dh
>    (https://github.com/ekr/draft-rescorla-tls13-semistatic-dh).
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-semistatic-dh/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-semistatic-dh-01
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-semistatic-dh-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-semistatic-dh-01
>
>
> Please note that it may take a couple of minutes from the time of 
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email